refactor(middleware/session): Update absolute timeout handling

- Update absolute timeout handling in getSession function - Set absolute expiration time in getSession function - Delete expired session in GetByID function
gofiber · Oct 2, 2024 · 84adbe1 · 84adbe1
1 parent 07092c8
commit 84adbe1
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 7 deletions.
diff --git a/middleware/session/session_test.go b/middleware/session/session_test.go
@@ -621,12 +621,16 @@ func Test_Session_Save_AbsoluteTimeout(t *testing.T) {
 	t.Run("save to cookie", func(t *testing.T) {
 		t.Parallel()
 
-		const absoluteTimeout = 5 * time.Second
+		const absoluteTimeout = 1 * time.Second
 		// session store
 		store := NewStore(Config{
-			IdleTimeout:     5 * time.Second,
+			IdleTimeout:     absoluteTimeout,
 			AbsoluteTimeout: absoluteTimeout,
 		})
+
+		// force change to IdleTimeout
+		store.Config.IdleTimeout = 10 * time.Second
+
 		// fiber instance
 		app := fiber.New()
 		// fiber context
@@ -657,21 +661,35 @@ func Test_Session_Save_AbsoluteTimeout(t *testing.T) {
 		require.Equal(t, "john", sess.Get("name"))
 
 		// just to make sure the session has been expired
-		time.Sleep(absoluteTimeout + (10 * time.Millisecond))
+		time.Sleep(absoluteTimeout + (100 * time.Millisecond))
 
 		sess.Release()
 
 		app.ReleaseCtx(ctx)
 		ctx = app.AcquireCtx(&fasthttp.RequestCtx{})
-		defer app.ReleaseCtx(ctx)
 
 		// here you should get a new session
 		ctx.Request().Header.SetCookie(store.sessionName, token)
 		sess, err = store.Get(ctx)
-		defer sess.Release()
 		require.NoError(t, err)
 		require.Nil(t, sess.Get("name"))
 		require.NotEqual(t, sess.ID(), token)
+		require.True(t, sess.Fresh())
+		require.IsType(t, time.Time{}, sess.Get(absExpirationKey))
+
+		token = sess.ID()
+
+		sess.Set("name", "john")
+
+		// save session
+		err = sess.Save()
+		require.NoError(t, err)
+
+		sess.Release()
+		app.ReleaseCtx(ctx)
+
+		// just to make sure the session has been expired
+		time.Sleep(absoluteTimeout + (100 * time.Millisecond))
 
 		// try to get expired session by id
 		sess, err = store.GetByID(token)
@@ -1287,4 +1305,15 @@ func Test_Session_StoreGetDecodeSessionDataError(t *testing.T) {
 
 	// Check that the error message is as expected
 	require.Contains(t, err.Error(), "failed to decode session data", "Unexpected error message")
+
+	// Check that the error is as expected
+	require.ErrorContains(t, err, "failed to decode session data", "Unexpected error")
+
+	// Attempt to get the session by ID
+	_, err = store.GetByID(sessionID)
+	require.Error(t, err, "Expected error due to invalid session data, but got nil")
+
+	// Check that the error message is as expected
+	require.ErrorContains(t, err, "failed to decode session data", "Unexpected error")
+
 }
diff --git a/middleware/session/store.go b/middleware/session/store.go
@@ -177,6 +177,7 @@ func (s *Store) getSession(c fiber.Ctx) (*Session, error) {
 		if err := sess.Reset(); err != nil {
 			return nil, fmt.Errorf("failed to reset session: %w", err)
 		}
+		sess.setAbsExpiration(time.Now().Add(s.AbsoluteTimeout))
 	}
 
 	return sess, nil
@@ -310,8 +311,10 @@ func (s *Store) GetByID(id string) (*Session, error) {
 
 	if s.AbsoluteTimeout > 0 {
 		if sess.isAbsExpired() {
-			if err := sess.Destroy(); err != nil {
-				log.Errorf("failed to destroy expired session: %v", err)
+			err := sess.config.Storage.Delete(sess.ID())
+			sess.Release()
+			if err != nil {
+				log.Errorf("failed to delete expired session: %v", err)
 			}
 			return nil, ErrSessionIDNotFoundInStore
 		}